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adapted in the system by authority software (4) used in conjunction with the user's browser and/or terminal (5). The ID author- 
ity (10) is interconnected between an enrolled user (6) and web site provider (20) and controls enrollment, customer support and 
administration. The ID authority site (10) includes interconnected web site server (101), LDAP server (102), encryption services 
server (103) and database (104) containing user and subscriber profiles. Wejb site providers (20) subscribing to the ID authority (10) 
includes identity verification software scripts provided by the authority (10) in their HTML pages (22). Communications between 
the user (5) and ID authority (10) may be encrypted through server (103). The identity data from the user (5) in compliance with the 
demand is sent in a message packet (15) to the authority (10). Depending on the comparison result, a response is sent, either failure 
or success is sent to the user terminal (15). The user terminal (15) then transmits the verification code (23) to the identity authority 
(10). In enrolling in the system (1 1), the user (5) provides an identity profile (12) that can include a combination of biometrics and 
authentication methods (lc), (2c), or (3c). The biometric software (7) is installed on the user terminal (15). The browser software 
includes a mechanism for conventionally communicating with a web site anii for receiving a verification demand from a web site (8). 
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Multi-Tiered Identity Verification Authority for E-commerce 



Field Of The Invention 

This invention relates to e-commerce, 
system for third party verification of the identity 
participants, and other participants in Web 



particularly, a mechanism and 
of Web and Internet commerce 
information transactions and 



communications ("e-commerce''), namely, an identity authority ("ID Authority") 
that is useful with Web and other Internet sites and their users as an 
improvement of the next generation of Internet infrastructure 
io Background And Summary Of The Invention 

In electronic commerce business using the World Wide Web and the 
Internet, there is a need for better proof of a customer's identity than is provided 



also desire a more secure and 
Web transactions. Financial 



currently by password login. Most Web users 
convenient way to identify themselves for 

15 institutions, pharmaceuticals distributors, and retailers are among the groups that 
would benefit from improved identity verification mechanisms. 

It is an object of the invention to provide a service mechanism and system 
to act as a third party to verify identity for e-commerce participants using 
passwords, smart cards, and biometrics in a hierarchy, and combinations thereof 

20 depending on the need for security. The service will verify the identity of a 
person using a Web browser and allow that user to interact with the Web site or 
other Internet mechanism. The system can also verify the Web site to the user, 
and optionally, the personal identity of an individual user at the Web site. As a 
further option, the service can verify the personal identities of two Web 

25 participants to each other. 
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It is a further object to allow verifications to be requested at more that one 



level, instance by instance: a lower-risk action 



verification; a high-risk transaction may require biometric verification; or 



may only need smart card 



intermediate levels may be provided. Users are 
different levels of participation, with higher levels a 



able to opt for one or more 
lowing them to meet requests 



;e for and provide analogous 
in the current Public Key 
also an object of the invention 



for higher-level verifications. The invention is intended to benefit participants by 
removing the complexity of implementing and administering unique trust 
relationships while achieving the benefits of verified identity in electronic 
communications and transactions. 
10 It is an object of the invention to substitu 

functions to the Certificate Authority function 
Infrastructure (PKI) identification mechanisms. It is 

to provide third-party network directory services integrated with the identity 
verification authority service, 
is The invention is described more fully in the following description of the 

preferred embodiment considered in view of the drawings in which: 
Brief Description Of The Drawings 

. Figure 1 shows the prior art structure in 
separate and unique relationship with every other user. Every time a new user is 
20 added to the population, every member needs to add a new relationship. 

Figure 2 illustrates the identity authority mechanism and system in which 
adding a new user involves adding only one relationship with an identity authority. 
The benefits of the authority mechanism and system compound as the 
populations of Web sites and users grow. 



which each user requires a 
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Figure 3 shows system architecture arid identity authority structures, 

relationships and operations in the preferred embodiment. 

j 

Detailed Description Of The Invention And The Preferred Embodiment 

In the mechanism and system of the invention, each user will receive a kit 

5 including a smart card, a smart card reader and biometric reader, or combined 
reader. A lower-price option may be a smart card reader only. Installation 
software to install the readers and identity verification system of the invention for 
use in conjunction with a Web browser is also provided. The software may be 
stand alone for exclusive use with the system or may be provided in the user kit 

10 as a plug-in for an OEM browser such as Microsoft Explorer® or Netscape 
Navigator®. Each member / client Web site or participating Internet site will 
implement scripts in their Web content HTML pages as explained below to make 
use of the identity authority mechanism and directory system. 

In an example, from the user's perspective, a corporate buyer deals with 

15 different Web marketplaces for office supplies, financial services, construction, 
energy and maintenance, and other new areas that are added frequently. If each 
of these marketplaces has its own (and likely unique) method for validating 
identity and "signing" a transaction, as shown in 
- Un, will require considerable physical and intellectual overhead to maintain 

20 encrypted passwords and the like that are necessary for an entry relationship to 
all seller, S1 - Sn, web sites. If, on the other hand, the marketplaces referred the 
identity verification function to the authority mechanism and system of the 
invention as shown in Figure 2, each buyer or user would need only one set of 
credentials maintained by the Identity Authority with regard to users and sellers. 

25 Each marketplace operator would be relieved from the burden of maintaining a 



Figure 1, each buyer or user, U1 
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verification infrastructure in instances when identity verification is required in e- 
commerce. 

The mechanism and system is useful with many categories of participants 
in Internet transactions, in addition to business transactions that depend on 

5 certification of an individual's identity. One example of such a transaction is the 
Federal government mandate that electronic benefits enrollments and renewals 
be validated using a biometric verification of identity. Other examples are the 
regulatory mandates in California and Ohio that online drug prescriptions must 
have a biometric or other certification of the prescribing doctor's identity. 

10 Similarly, many other large examples, such as B2B ("business-to-business") 
contracting and banking, may not have a government mandate but do have the 
interests of the participants in reducing fraud and 

The invention is also useful to small companies currently facing problems 
of recognition on the Web. The identity verification authority mechanism and 

is system of the invention assists business on the 

In B2B commerce that by 2002 is estimated to grow to nearly 75% of corporate 
buyers and sellers doing over $750 billion in transactions, the invention is 
likewise useful. The low cost and many-to-many Internet connectivity is 
motivating businesses to migrate in whole or in part to Web and Internet 

20 marketplaces from the Old Economy one-to-one relationships. This commercial 
movement, however, also creates new openings for misrepresentation and fraud. 
The biometric identity verification mechanism and system enhances individual 
accountability onto the Web. 



liability exposure. 



Web by backing their presence. 
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In the preferred embodiment, a signup fee and annual renewal per user 
are charged to the user organizations and a transaction fee per verification is 
charged to the Web site seller or other provider, i 

! 
j 

In its full multi-layer function, the invention will complement, or support, 
5 current public key encryption (PKI) certifications of authenticity (CA's) such as 
VeriSign® and CyberTrust®. Legacy institutions, jsuch as banks, and the USPS 
will find the invention readily adaptable to their use in view of the fact that many 
banks have limited technical resources. Large membership sites such as AOL®, 
and Yahoo® are configured for a very large population of loosely-held consumer 
10 relationships. To perform an authority service, such sites would need to change 
their business model. Such types of sites, however, have access to corporate 
relationships and technical resources through and by which the invention may be 
implemented. 

With regard to partial function identification 
15 CA's can promote the use of PKI mechanism 
signature role, and implement a mechanism to 



using smart cards or other means. Private PKI implementations using proprietary 



without biometrics, public key 
and systems to fill a digital 
make PK certificates portable 



In further applications, Web 
Ezlogin.com®, and Digitalme® 



software can fill the role in closed communities, 
logon identity managers such as eCode.com®, 
20 may adapt operations to the smart card and biometric roles, in the context of 
large numbers of loose relationships. 

The nature of the identity authority mechanism and system is indifferent to 

differences between business users and consumer users; the preferred 

i 

embodiment favors a business orientation in which a population of users and a 

I 

25 group of Web sites using the mechanism and system are quickly established in a 
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group of Web site operators that serve a shared user population. Online 
auctions are an example. Since these marketplaces are often established by a 
business that wants to operate the auction j site, these operating auction 

companies are points of entry for the market. | In implementing the authority 

i 
i 

5 mechanism and system at multiple auction operators efficiencies of simplicity and 
economy as depicted in Figure 2 can be achieved. Web based pharmacies, 

i 

MD's, banks and Web marketplaces are also potential users. 

The system provides from the standpoint of a user, a simplified and direct 
mechanism for standardized user verification. From the standpoint of the site 
10 provider, the system offers convenience to users and adds a mechanism 
whereby access, purchase and other site functions can be predeterminedly 
controlled in accordance with specific rules and criteria related to individual users 
and transactions. 

In its general description, the system includes a user kit consisting of a 
15 smart card, a smart card reader and biometric reader, or combination, and 
software for the user's terminal, usually a PC 
variant may omit biometric capability. These components are available as semi- 
custom or off-the-shelf products. On the Web provider side, the invention 
provides a mechanism and system that verifies identification packets sent by the 

20 seller's Web server, assembled from a combination of off-the-shelf products and 

J 

custom software, in addition to the existing backjroom implementation. The user 

i 

kit enables the establishment of a user identity profile interrelated among the 

i 

categories of log-in, smart card and biometric routines. For example, the smart 
card may include a fingerprint profile that will be compared in the identification 

25 process at the user terminal to the reading created by the biometric reader. 

I 
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Alternatively or additionally, the fingerprint profile may be maintained in the 

j 

remote ID Authority database for comparison, j 

! 

The system acts as a third party in Internet interactions, including but not 

i 

limited to HTTP (Web), e-mail, FTP, WAP, eta, to verify personal identity. 

! 

Optionally other information such as corporate affiliations and authorizations of 

I 

one participant to the other and personal identities and other information of 

participants are verified to each other. One version, specific to a World Wide 

i 

Web use of the invention, employs a sequence of operations as follows: 



in the identity verification 



Example I 

1. The ID Authority business enters an agreement with a Web 
business site to provide the identity verification function. The Web 
site adds specific software scripts to their HTML pages wherever 
the identity verification functions are needed. 

2. A business Web user is enrolled 
service and receives a user kit containing software components, a 
smart card reader, and a biometric reader to install on their PC, and 
a personalized smart card. 

3. To begin a particular interaction, the user browses to the 
Web site and to the particular page of interest. The Web site 
downloads a page containing the scripts to use the identity 
verification service. 

4. The script in the Web page executes on the user's PC, 

i 

making use of the software components j installed from the user kit 

i 

to collect the claimed identity plus evidence to support that claim; 
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i 
i 

i 
l 

specifically to access and manipulate the! smart card and biometric 

i 

reader if those options are being used. The software components 

i 

generate a message packet to the identity authority containing the 

i 

! 

claimed identity and the evidence to support that identity. 

i 

5. The identity authority examines the evidence provided in the 

. j 

packet and generates a response. If the comparison fails, the 

! 

response contains only a failure notification. If the comparison 
succeeds, the response contains a success notification and a 
unique verification code. The response is sent to the user's PC. 

6. The scripts continuing to execute in the user's PC handle the 
response, placing the verification code 'and positive response in 
their positions in the requesting page. Either upon receipt or on 

i 

user action, the request page with the appropriate data items is 
dispatched to the Web server. Either immediately or later, 
depending on business needs, the Web server can send a 
message packet to the identity authority requesting a check of the 

verification code returned by the user. The reply to this request will 

i 

be a simple Yes/No depending on the results of the check plus any 

t 
i 

requested optional information such as authorizations. 

! 

The above methods may be adapted to use cryptography-based methods 

to verify Identity. In a variation, the system uses smart card based methods, 

i 

optionally in combination with cryptography methods, to verify identity and 
provide other optional information. In this variation, the software components on 
the users PC would interact with the smart card to produce data elements, and 
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i 
i 

i 
i 

optionally, a cryptographic Message Authentication Code (MAC) for a message 
to the requesting participant. That participant could then submit the message to 

i 

the ID Authority for verification. j 

Biometric methods are optionally used in combination with smart cards 
and cryptography to verify identity in the preferred embodiment. A version 



adapted to World Wide Web use follows: 



i 

Example II | 

1. The ID Authority business enters an agreement with a Web 

i 

business site to provide the identity verification function. The Web 

i 

site adds specific software scripts to their HTML pages wherever 

i 
! 

the identity verification functions are needed. 

i 
i 

2. A business Web user is enrolled in the identity verification 

i 

! 

service and receives a user kit containing software components, a 

i 

smart card reader, and a biometric readerjto install on their PC, and 

i 

a personalized smart card. ! 

3. To begin a particular interaction, ithe user browses to the 

Web site and to the particular page of interest. The Web site 

i 
i 

downloads a page containing the scripts to use the identity 

I 

verification service. ' 

I 

4. The script in the Web page executes on the user's PC, 
making use of the software components installed from the user kit 

to collect the claimed identity plus evidence to support that claim; 

I 

specifically to access and manipulate the! smart card and biometric 

i 
i 

reader. The software components: (a) retrieve the claimed 
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10 



15 



20 



identification and primary biometric template from the smart card 
after satisfying the smart card file access methods; (b) read a live 

fingerprint from the user, prompting if necessary; (c) match the live 

i 
i 

fingerprint to the template and generate a verification message 

i 

packet containing the claimed identity, the results of the match, a 

t 

timestamp and transaction sequence j number, and a MAC 

generated by the smart card; and (d) return the identification data, 

i 

indication of biometric match, and the verification message packet 

to the calling script | 

i 

5. The scripts continuing to execute in the user's PC handle the 
response, placing the data elements in their positions in the 
requesting page. Either upon receipt or on user action, the request 
page with the appropriate data items is dispatched to the Web 

! 

server. I 

i 

6. Either immediately or later, depending on business needs, 

i 
i 

the Web server can send the verification message packet to the 
identity authority requesting a check of the MAC returned by the 

user. The identity authority recalculate^ the MAC, compares it to 

i 

the value provided in the packet, and generates a response. If the 
comparison fails, the response to the Web server contains only a 

! 

failure notification. If the comparison J succeeds, the response 

I 

contains a success notification and a unique verification code. 
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Thus, it can be seen that the system offers participants case-by-case 
options on the level of identity verification to be required for Internet interaction. 
For example, a Web site could require only smart card methods for simple log-in 
but require a biometric verification to complete purchases over some threshold 

5 level of dollar value or other risk metric. 

In its implementation, the system may provide services integrated with a 
P3P implementation for negotiating one participant's access to the other 
participant's identification and other information. , The services may be integrated 
with a database, X.500, or other directory implementation accessed using LDAP, 

io DAP, or any database access protocol. A version for LDAP implementation 
follows: ; 



EXAMPLE III i 

1. The ID Authority business enters an agreement with a Web 
15 business site to provide the identity verification function. The Web 

site adds specific software scripts to their HTML pages wherever 
the identity verification functions are needed. 

2. A business Web user is enrolled in the identity verification 
service and receives a user kit containing software components, a 

20 smart card reader, and a biometric reader to install on their PC, and 

i 

a personalized smart card. ! 

i 

3. To begin a particular interaction, the user browses to the 

i 

Web site. The Web server returns a login request page containing 
the scripts to use the identity verification service. 
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4. The script in the Web page executes on the user's PC, 
making use of the software components installed from the user kit 
to collect the claimed identity plus evidence to support that claim, 
specifically to access and manipulate the; smart card and biometric 

5 reader if those options are being used. The software components 

generate data elements containing the claimed identity and the 
evidence to support that identity. 

5. The scripts continuing to execute in the user's PC place the 
data elements in their positions in the login request page. Either 

10 upon receipt or on user action, the ! log-in request with the 

appropriate data items is dispatched to the Web server. As a part 
of processing the login request the Web server assembles an LDAP 

call containing the data elements and , dispatches it to the ID 

i 

Authority LDAP server. The ID Authority server verifies identity and 
15 places the results of the verification,! plus any other related 

authorization data, in the LDAP response message. 



With reference to Figure 3 showing the system architecture, any single or 

i 

20 combination of password log-in 1, smart card 2, or biometric 3 identification 

t 

routines may be adapted in the system by authority software 4 used in 

i 

conjunction with the user's browser and/or terminal 5. The ID Authority will be 
identified as an icon on client Web pages that will also include a brief dialog for 
functions. The ID authority 10 is interconnected between an enrolled user 6 and 
25 web site provider 20 and controls enrollment, customer support and 



12- 
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administration. The ID authority site includes interconnected web site server 101, 
LDAP server 102, encryption services server 103 and database 104 containing 
user and subscriber profiles. Web site providers subscribing to the ID authority 
include identity verification software scripts provided by the authority in their 
HTML pages 22. 

In enrolling in the system 11, the user provides an identity profile, such as 
user name and password, smart card identification code, and a biometric indicia 
such as a fingerprint read compiled in a data file 12 maintained by the authority at 
site database 104. The user kit providing password log-in and smart card reader 
and biometric reader hardware for higher levels! of authentication and authority 
software 7 is installed on the user terminal. As noted the software may be a plug- 
in for an OEM browser or a custom browser with ID authority functions integrally 

i 

included. The user kit components are operatively interconnected with browser 
5. The user is also provided with a personalized smart card (not shown) for 
operative relationship with the reader. The ! browser software includes a 

mechanism for conventionally communicating with a web site and for receiving a 

i 

verification demand from a web site 8. 

When the web site is an identity authority subscriber 20, the site prompts 
the user to comply with an identity demand when verification scripts in the web 
site HTML page 22 initiate an interaction between the user and the web site by 
downloading to the user's browser a verification script initiating the identity 
verification process. The downloaded verification script executes on the user's 
terminal and signals the user that a verification is required in one or more than 
one of the forms of a user name and password, a smart card identity, and a 
biometric identity, or a combination thereof. Upon receipt, the browser 
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mechanism prompts the user to comply with the demand, to provide identity data 
from the user in compliance with the demand, and to send a message packet to 
the authority containing the collected identity data. Communications between the 
user and ID Authority and the ID Authority may be encrypted, for example 
through server 103. The identity data from the user in compliance with the 
demand is sent in a message packet 15 to the authority. 

Examples of ID Authority functions are included in Table 1 below: 



Function 

Identification 



Table 1 ' 
Query / Demand 
Who are you? 



Response 

I am Doug James. 



Verified Identification Who are you? 



Verified Transaction Who are you? 
Signature 

Who is really purchasing 



I am Doug James. 

My verification code is 
3a665mn48277db#346& 



I am Doug James. 
Doug James is agreeing to this 



this lot of pharmaceuticals? transaction for XYZ Corp. 



What is your authority? 



My ID Authority verification code 
is 6593vz748d4827d% .... 
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In the order of relative importance and security needed for the transaction 
used as an example in the table above, the tiered verification functions of 
identification, verified identification, and verified transaction signature may 
correspond to password log-in, smart card verification and biometric (eg. 
5 fingerprint) identification demands. 

In the verification process, the signal of the web site to the user that a 
verification is required in one or more than one of the forms of a user name and 
password, a smart card identity, and a biometric identity is predetermined at the 
web site depending on the relative need for certainty of an identity verification 
10 related to the degree of importance of the electronic commerce to be transacted. 

The identity authority compares the data in the packet sent from the user 
with the user identity profile data 12 maintained by the authority in its database 
104. Depending on the comparison result, a response which is either a failure 

i 

notification, or a success notification and a unique verification code, is sent to the 
15 user terminal 15 for transmission to the web, site. The user terminal then 

t 

transmits 8 the verification code to the requesting web site page, which then 
transmits the code 23 to the identity authority for authentication that the code 
provided is in fact the code sent to the user by the ID Authority. The ID Authority 
will either approve, or disapprove, the user identity. With approval secure 
20 identity verified communications between the user and web site may proceed 
consistent with the level of identification, 1c, 2c or 3c, required and consistent 
with predetermined identity authorization activities allowed to the particular user. 
For example, some users, although their identity may be sufficiently verified may 
not have authority to make purchases, or to make purchases in excess of a given 
25 value, or to access certain information. 
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Having thus described the invention in detail, those skilled in the art will 
appreciate that, given the present disclosure, modifications may be made to the 
invention without departing from the spirit of the inventive concept herein 
described. Therefore, it is not intended that the scope of the invention be limited 
to the specific and preferred embodiments illustrations and described. Rather, it 
is intended that the scope of the invention be determined by the appended 
claims. 

<« -j- >» 
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What is claimed is: 

1 1 . A multi-tiered identity verification authority system for e-commercecomprising: 

2 an identity authority interconnected between an enrolled user and member 

3 Internet or Web site providers, the site providers subscribing to the authority and 

4 including identity verification software scripts provided by the authority in their HTML 

5 pages, the user having enrolled and provided identity data maintained by the 

6 authority; 

7 a user kit installed on a user terminal including a browser having identity 

8 verification functions and at least one of a smart card reader and a biometric reader 

9 operatively interconnected with the browser, and a personalized smart card, the 

0 browser including a mechanism for receiving a verification demand from a site, for 

1 prompting the user to comply with the demand, for collecting identity data from the 

2 user in compliance with the demand, and for sending in a message packet to the 

3 authority the collected identity data; 

4 the verification scripts in the site HTML page including means to begin an 
s interaction between the user and the site by downloading to the user's browser a 

6 verification script initiating an identity verification; 

7 the downloaded verification script executing on the user's terminal signaling 
s the user that a verification is required in one or more than one of the forms of a user 
9 name and password, a smart card identity, and; a biometric identity and, upon 

0 receipt, initiating the browser mechanism to prompt the user to comply with the 

i 

1 demand, to collect identity data from the user in compliance with the demand, and to 

2 send a message packet to the authority containing the collected identity data; 

3 the identity authority comparing the data in the packet with a user identity 

4 profile in a database maintained by the authority and generating a response which is 
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, her . feiiore notion or a success notion an, a unigue vedficafion code 

transmission to the site; 

^ans in the user terminal for <ransm»g the verification code to the 



, 3 The verified — o, * 2 further Muding Interconnected 
, — a, th e user — — - ~* * - ^ ^ 

t template from the smart card. 

, 4 T.e vedficahon aumc* - claim 3 in wh.cn a demand for a hiometdc 
, W en,«on res* In a pro., a, the use, «** ~ - use, provide a 
1 fingerprint. 

of claim 4 in which a user provided fingerprint is 
, 5 The verification authority ot claim * 

, compared to the fingerprint of the smart card template. 



Th e verified authority of Cairn 5 in which the identKy message pacKe, 



l 6. 



seauence number. 
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: ::"r.: 

• n the loain request from the site page, the web server 

zzrz.1— — — — — ■ 

to the authority database server. 

8 The —on -* o, Cairn 7 , -* * - — process^* 

— « - p- - — - - — - ~' 

, agnatoffhesfeto asmartcaldidenWy . and a metric 

, „ forms of a use, name and passwor ^ ^ 

, idenMyteP'eoetenninedatmesitedependmgonmere^e 

• M to the degree of importance of the etectronic commerce to 
identity verification related to the degree 



5 

s be transacted. 



i an OEM browser. 

, «me stamp and a cryptographic message aafnenticafion code. 
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1 12. A user kit for the multi-tiered identity verification authority system of claim 1 

2 comprising a smart card, a smart card reader, a biometric reader and a browser 

3 plug-in. 
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